Using OpenVPN
1. Edit C:\Program Files\OpenVPN\easy-rsa\vars.bat.sample
rem country
set KEY_COUNTRY=CN
rem province
set KEY_PROVINCE=JS
rem city
set KEY_CITY=SuZhou
rem organization
set KEY_ORG=OpenVPN
rem e-mail address
set KEY_EMAIL=mail@host.domain
2. Configure the CA and related material from the DOS prompt
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator> cd "C:\Program Files\OpenVPN\easy-rsa"
C:\Program Files\OpenVPN\easy-rsa> init-config
C:\Program Files\OpenVPN\easy-rsa> copy vars.bat.sample vars.bat
已复制 1 个文件。
C:\Program Files\OpenVPN\easy-rsa> vars
C:\Program Files\OpenVPN\easy-rsa> clean-all
已复制 1 个文件。
已复制 1 个文件。
C:\Program Files\OpenVPN\easy-rsa> build-ca
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
................++++++
....++++++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [JS]:
Locality Name (eg, city) [SuZhou]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]: OpenVPN-CA
Name [changeme]:
Email Address [mail@host.domain]:
C:\Program Files\OpenVPN\easy-rsa> build-dh
Loading 'screen' into random state - done
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
................................................................................
.............................................+................+.................
........+.......................+...............................................
........................................................+.......................
.........+....+.................................................................
.........................................................................+......
...................................+.....+....................................+.
.....................................................................+..........
........................................................+.......................
...+.............++*++*++*
C:\Program Files\OpenVPN\easy-rsa> build-key-server server
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.++++++
....++++++
writing new private key to 'keys\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [JS]:
Locality Name (eg, city) [SuZhou]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]: server
Name [changeme]:
Email Address [mail@host.domain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'JS'
localityName :PRINTABLE:'SuZhou'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'server'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Oct 13 07:18:46 2025 GMT (3650 days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated
C:\Program Files\OpenVPN\easy-rsa> build-key client
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.....++++++
............................++++++
writing new private key to 'keys\client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [JS]:
Locality Name (eg, city) [SuZhou]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]: client
Name [changeme]:
Email Address [mail@host.domain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'JS'
localityName :PRINTABLE:'SuZhou'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'client'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Oct 13 07:20:05 2025 GMT (3650 days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated
C:\Program Files\OpenVPN\easy-rsa>
3. Copy the files
Copy ca.crt, dh1024.pem, server.crt and server.key to C:\Program Files\OpenVPN\config on the server.
Copy ca.crt, client.crt and client.key to C:\Program Files\OpenVPN\config on the client.
4. Create client.ovpn and server.ovpn in C:\Program Files\OpenVPN\config
server.ovpn
local 192.168.1.101
port 1194
proto tcp
;proto udp
dev tap
;dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.16.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
push "route 0.0.0.0 0.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
;push "route 192.168.20.0 255.255.255.0"
client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 223.5.5.5"
push "dhcp-option DNS 223.6.6.6"
client-to-client
duplicate-cn
keepalive 10 120
;tls-auth ta.key 0
;cipher BF-CBC
;cipher AES-128-CBC
;cipher DES-EDE3-CBC
comp-lzo
max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
mute 20
client.ovpn
client
dev tap
proto tcp
remote 192.168.1.101 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
key "C:\\Program Files\\OpenVPN\\config\\client.key"
comp-lzo
verb 3
mute 20
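
The two configurations above use 1024-bit DH parameters, duplicate-cn and comp-lzo, leave tls-auth and cipher commented out, and give the client no check that the peer certificate is a server certificate. The linter below is an added example, not part of the original guide or of OpenVPN, that reports those settings for a config file. Its finding names are made up for illustration, and it assumes easy-rsa's dh<bits>.pem file naming.

```python
# Added example: lint an OpenVPN config for the weak settings used in this guide.
import re

def parse(text):
    """Map each active directive to its argument strings; '#' and ';' lines are comments."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0][0] in "#;":
            continue
        cfg.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return cfg

def audit(text):
    """Return sorted finding codes (names are illustrative) for one config."""
    cfg, found = parse(text), set()
    for arg in cfg.get("dh", []):
        bits = re.search(r"dh(\d+)\.pem", arg)  # assumes easy-rsa's dh<bits>.pem naming
        if bits and int(bits.group(1)) < 2048:
            found.add("weak-dh")                # 1024-bit DH parameters
    if "duplicate-cn" in cfg:
        found.add("shared-client-cert")         # one cert usable by many clients at once
    if any(a != "no" for a in cfg.get("comp-lzo", [])):
        found.add("compression")                # compressing before encrypting leaks data
    if not {"tls-auth", "tls-crypt"} & cfg.keys():
        found.add("no-control-channel-hmac")    # handshake accepts unauthenticated packets
    if not {"cipher", "data-ciphers"} & cfg.keys():
        found.add("cipher-left-to-default")     # BF-CBC on releases before 2.4
    if "client" in cfg and not {"remote-cert-tls", "verify-x509-name"} & cfg.keys():
        found.add("server-cert-not-checked")    # any cert from this CA can pose as server
    return sorted(found)

# Active and commented directives copied from the two configs in step 4.
SERVER = """dh dh1024.pem
duplicate-cn
;tls-auth ta.key 0
;cipher AES-128-CBC
comp-lzo
"""
CLIENT = """client
remote 192.168.1.101 1194
comp-lzo
"""

if __name__ == "__main__":
    for label, text in (("server.ovpn", SERVER), ("client.ovpn", CLIENT)):
        print(label, audit(text))
```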